Re: Initial configuration for a IDSM-2

fedecotofaja · ‎07-30-2009

Hi,

I have configured the IPS Appliance and the IPS module on ASAs... now I need to configure an IDSM-2 on a 6500.

Is it basically the same thing?

I need to configure it as an IDS first, then we will change it to IPS, so I understand that I can use SPAN to send traffic to the module, and configure the interface on the module to monitor the traffic, is this correct?

Is there anything else I should be aware of?

Thank you for any insight!

Federico.

smalkeric · ‎08-05-2009

Configuration Sequence

Perform the following tasks to configure IDSM-2:

1. Configure the Catalyst 6500 series switch for command and control access to IDSM-2.

2. Log in to IDSM-2.

3. Configure the switch to send traffic to be monitored to IDSM-2.

The below URL explains about the configuration of IDSM-2 with 6500 cat switch:

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1059935

4. Initialize IDSM-2.

Run the setup command to initialize IDSM-2. During setup, you can configure the interfaces of IDSM-2.

5. Create the service account.

6. Perform the other initial tasks, such as adding users, trusted hosts, and so forth.

7. Configure intrusion prevention.

8. Perform miscellaneous tasks to keep IDSM-2 running smoothly.

9. Upgrade the IPS software with new signature updates and service packs.

10. Reimage the application partition and the maintenance partition when needed.